About Incidents

National CERT considers security incident as an act of violating information security norms related to the Internet and services.

To declare an activity to an incident, it is important that it is targeted illegal activities.

National CERT policy defines the following types of incidents:

Denial of Service (DoS)

– an attempt to make one or more services on a server unavailable by generating too many requests or by consumption of other server resources

– blocking normal functioning of a whole ISP infrastructure or part of it and its servers, generating a large number of IP packets from multiple sources. The attacks were carried out by DDoS tools from an infrastructure which consists of many compromised computers

Computer compromise

– successful installation of malware

– successful unauthorized access to a computer

– unauthorized use of a computer

– unauthorized change of user information

Unwanted network activities

– it implies to all types of unwanted network activities for discovering (scan) of networks and network services, which were initiated by a third person using scan tools

Spam

– spam sending over compromised computers

– placing of spam URLs which are registered in original spam messages on servers

Phishing

– phishing attack where at least one computer from Croatia is involved as an attacker or victim

– phishing attack which uses a compromised host from Croatia

Other types of malicious attacks

– it implies to the rest types of attacks or frauds where at least one computer from Croatia is involved as an attacker or victim.